Commit graph

28770 commits

Author SHA1 Message Date
Jerry Yu
d84c14f80c improve code style
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:24 +08:00
Jerry Yu
b2455d2472 Guards ticket_creation_time
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:24 +08:00
Jerry Yu
9cb953a402 improve document
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:24 +08:00
Jerry Yu
04fceb782b Add freshness check information into document
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:24 +08:00
Jerry Yu
8e0174ac05 Add maximum ticket lifetime check
Also add comments for age cast

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:24 +08:00
Jerry Yu
472a69260b fix build failure
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:20 +08:00
Jerry Yu
cf9135100e fix various issues
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
342a555eef rename ticket received
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
25ba4d40ef rename ticket_creation to ticket_creation_time
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
46c7926f74 Add maximum ticket lifetime check
Also add comments for age cast

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
034a8b77d1 Update document of ticket age tolerance
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
28e7c554f4 Change the bottom of tolerance window
The unit of ticket time has been changed to milliseconds.
And age difference might be negative

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
3ff0b1fda3 Cleanup ticket negative tests.
- improve comments
- case 3/4 is for server age check.
- case 5/6 is for client age check

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
31b601aa15 improve comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
8cf44953b2 guards ticket creation field
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
28547c49ed update tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
ec6d07870d Replace start with ticket_creation
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
702fc590ed Add ticket_creation field
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
f16efbc78d fix various issues
- Add comments for ticket test hooks
- improve code style.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
03511b00aa Replace c99 fmt macro
For c99 compatible compilers, we use PRI64d
and others use official fix.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
fe38e948b8 Add changelog entry for anti_replay_fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
cebffc3446 change time unit of ticket to milliseconds
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Gilles Peskine
8b1a124126
Merge pull request #8438 from yuhaoth/pr/disable-stdout-for-config-query-call
Disable stdout in require_*_configs_* functions
2023-11-20 18:27:03 +00:00
Valerio Setti
d0eebc1f94 ccm/gcm: improve code maintainability
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-20 15:17:53 +01:00
Gilles Peskine
885bcfc9d0
Merge pull request #7649 from yuhaoth/pr/add-command-for-server9-bad-saltlen
Add command for server9-bad-saltlen
2023-11-20 14:07:19 +00:00
Gilles Peskine
473ff34d59
Merge pull request #8489 from valeriosetti/issue8482
Make CCM* and CCM independent
2023-11-20 14:07:14 +00:00
Gilles Peskine
6267dd59c8
Merge pull request #8463 from gilles-peskine-arm/metatest-create
Create a metatest program
2023-11-20 14:07:08 +00:00
Manuel Pégourié-Gonnard
a4e7953f59
Merge pull request #8527 from lpy4105/issue/6324/driver-only-cipher+aead-tls-compat
[G3] Driver-only cipher+aead: TLS: compat.sh
2023-11-20 09:37:06 +00:00
Ronald Cron
97137f91b6
Merge pull request #7071 from yuhaoth/pr/tls13-ticket-add-max_early_data_size-field
TLS 1.3 EarlyData: add `max_early_data_size` field for ticket
2023-11-20 08:04:57 +00:00
BrianX7c
5c7ab6fe86
[cipher.h] Arithmetic overflow in binary left shift operation (MBEDTLS_KEY_BITLEN_SHIFT)
Fixing arithmetic overflow warning (C6297), if compiled in Visual Studio

Signed-off-by: BrianX7c <151365853+BrianX7c@users.noreply.github.com>
2023-11-18 11:07:37 +01:00
Valerio Setti
dd426da7b8 added changelog
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-17 08:33:31 +01:00
Thomas Daubney
dd2a09a22b Introduce demo script for PSA hash program
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-11-16 18:45:55 +00:00
Thomas Daubney
13ecb691a3 Introduce function to return library/core directory
Add crypto_core_directory in build_tree.py so that
the libary/core directory can be returned based
on what repository we are in.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-11-16 18:34:58 +00:00
Matthias Schulz
70595f7983 Explicitly indicating when private fields are accessed in benchmark.c.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-16 17:43:58 +01:00
Paul Elliott
9e25936241 Rename mutex->is_valid to mutex->state
Rename struct member to make it more representative of its current use.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-11-16 15:14:16 +00:00
Paul Elliott
3774637518 Make threading helpers tests thread safe
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-11-16 15:13:49 +00:00
Paul Elliott
5fa986c8cb Move handling of mutex->is_valid into threading_helpers.c
This is now a field only used for testing.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-11-16 15:13:05 +00:00
Gilles Peskine
2f40cc05f0 Improve explanations of what bad thing a metatest does
Especially clarify the situation with respect to mutex usage.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-16 15:13:38 +01:00
Gilles Peskine
ad2a17eb60 Uniformly use MBEDTLS_THREADING_C guards
Since the code compiles with MBEDTLS_THREADING_C, not just with
MBEDTLS_THREADING_PTHREAD, use MBEDTLS_THREADING_C as the guard. The runtime
behavior is only as desired under certain conditions that imply
MBEDTLS_THREADING_PTHREAD, but that's fine: no metatest is expected to pass
in all scenarios, only under specific build- and run-time conditions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-16 15:09:48 +01:00
Ryan Everett
975d411d92 Only set slot to OCCUPIED on successful key loading
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-11-16 13:37:51 +00:00
Valerio Setti
9b7a8b2a0c ccm/gcm: reaplace CIPHER_C functions with BLOCK_CIPHER_C ones
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-16 11:48:00 +01:00
Yanray Wang
19e4dc8df7 tls: fix unused parameter in mbedtls_ssl_cipher_to_psa
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-16 18:05:51 +08:00
Valerio Setti
8db46e4ee1 check_config: remove dependency check of CCM_C/GCM_C on CIPHER_C
CCM_C/GCM_C can now work with either (in order of preference) CIPHER_C
or BLOCK_CIPHER_C and the latter is auto-enabled in case the former
is not enabled. As a consequence there is no need to enforce the
dependency on CIPHER_C.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-16 10:58:27 +01:00
Valerio Setti
dbfd6a9f62 adjust_legacy_crypto: auto-enable BLOCK_CIPHER_C when CIPHER_C is not defined
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-16 10:56:00 +01:00
Pengyu Lv
7afd9a4663 Change the test messages
We are now testing driver-only cipher+aead with full config.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-16 17:55:25 +08:00
Yanray Wang
4ed8691f6d ssl: move MBEDTLS_SSL_HAVE_XXX to config_adjust_legacy_crypto.h
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-16 15:20:57 +08:00
Valerio Setti
59de2ae6de all.sh: re-enable CCM/GCM in test_full_no_cipher()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-16 08:20:27 +01:00
Yanray Wang
1a369d68aa ssl_tls: add missing guard for mbedtls_ssl_cipher_to_psa
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-16 15:17:33 +08:00
Pengyu Lv
c5d4c46983 Add missing PSA init
EC might be supported through PSA, so use `MD_OR_USE_PSA_INIT`
in pk_parse_{public_}keyfile_ec.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-16 09:07:28 +08:00
Thomas Daubney
5556f908cb Rename variables in script
Rename some variables in generate_driver_wrappers.py
now that the script has to work in two repositories
as opposed to just mbed tls.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-11-15 16:50:23 +00:00